SEARCH

appropriate risk, and legal and regulatory requirements are properly met as evidenced primarily through audits Fundamentally, GRC started as a way to: Avoid Prosecution, Prevent Loss, and Audit and Control The primary emphasis from a systems and process perspective has been on the audit function to verify The focus on audits parallels similar approaches applied to quality, safety and environmental programs This audit-based approach will exact a heavy burden on organizations.

probably noticed something frustrating: organizations can have excellent compliance documentation, pass audits It's the difference between having environmental procedures that get referenced during audits versus environmental activities: quarterly emissions monitoring, annual environmental training, periodic waste audits compliance status through both automated monitoring and human verification without waiting for the next audit The Bottom Line The future of compliance isn't better documentation or more audits—it's integrative compliance

This isn't hard to imagine when excessive audits and controls are put in place as a reaction to a serious incident or serious audit findings. This produces better results than inspecting and auditing for conformance afterwards. The lack of prescription, while a good thing, is viewed negatively because it's more difficult to audit As a consequence, auditors can no longer tell organizations what to do and neither should they.

an old model where meeting obligations (the act of compliance) is a checkbox activity reinforced by audits

The internal audit function still has a role under Compliance 2. However, auditing now focuses on evaluating effectiveness as measured against compliance outcomes.

This can include tools for tracking compliance obligations, managing audits and inspections, and monitoring platform that helps organizations manage their regulatory compliance obligations through automated audits Their services include regulatory analysis, EHS audits, and compliance management systems. Their services include compliance audits, training, and consulting. Their services include regulatory compliance news and analysis, training, and audit checklists.

Step   The first step toward closing The Compliance Effectiveness Gap  is a:   TOTAL VALUE COMPLIANCE AUDIT This is not a traditional audit.  

Don't wait for quarterly audits to verify compliance. Not quarterly reports or yearly audits—constant visibility into drift before it becomes non-compliance

Imagine a clear audit trail readily available at your fingertips. No more waiting for audits to find out that you are off-side and at risk.

Substituting audit regimes with performance and risk-based compliance services has been slow although But we know this leads to same outcomes that we have always had; passing audits but not advancing compliance

However, this is the approach when compliance is based on the traditional operating principles of audits This shift will require an operational model that is more than training, audits and corrective actions

And yet, audits remain the primary mechanism to protect stakeholders from the effects of uncertainty. remains mostly a world of disparate silos, competing cultures, inefficient processes, and excessive audits